Refactor fields + other file ajustment

- finish fixing fields format in node configuration
- rename few chapters
- adjust hyperlink

docs/source/deploying-a-node.rst

@@ -1,5 +1,5 @@
-Deploying a node
-================
+Node deployment to server
+=========================
 
 .. contents::
 
@@ -36,18 +36,18 @@ handling, and ensures the Corda service is run at boot.
 
 6. Save the below as ``/opt/corda/node.conf``. See :doc:`corda-configuration-file` for a description of these options::
 
-      p2pAddress : "example.com:10002"
+      p2pAddress = "example.com:10002"
       rpcSettings {
           address: "example.com:10003"
           adminAddress: "example.com:10004"
       }
-      h2port : 11000
-      emailAddress : "you@example.com"
-      myLegalName : "O=Bank of Breakfast Tea, L=London, C=GB"
-      keyStorePassword : "cordacadevpass"
-      trustStorePassword : "trustpass"
-      devMode : false
-      rpcUsers=[
+      h2port = 11000
+      emailAddress = "you@example.com"
+      myLegalName = "O=Bank of Breakfast Tea, L=London, C=GB"
+      keyStorePassword = "cordacadevpass"
+      trustStorePassword = "trustpass"
+      devMode = false
+      rpcUsers= [
           {
               user=corda
               password=portal_password
@@ -116,8 +116,6 @@ handling, and ensures the Corda service is run at boot.
     * Make sure the service description is informative - particularly if you plan to run multiple nodes.
     * Change the username to the user account you want to use to run Corda. **We recommend that this user account is
       not root**
-    * Set the maximum amount of memory available to the Corda process by changing the ``-Xmx2048m`` parameter in
-      the config file
     * **SystemD**: Make sure the ``corda.service`` file is owned by root with the correct permissions:
 
         * ``sudo chown root:root /etc/systemd/system/corda.service``
@@ -205,18 +203,18 @@ at boot, and means the Corda service stays running with no users connected to th
 
 3. Save the below as ``C:\Corda\node.conf``. See :doc:`corda-configuration-file` for a description of these options::
 
-        p2pAddress : "example.com:10002"
+        p2pAddress = "example.com:10002"
         rpcSettings {
-            address: "example.com:10003"
-            adminAddress: "example.com:10004"
+            address = "example.com:10003"
+            adminAddress = "example.com:10004"
         }
-        h2port : 11000
-        emailAddress: "you@example.com"
-        myLegalName : "O=Bank of Breakfast Tea, L=London, C=GB"
-        keyStorePassword : "cordacadevpass"
-        trustStorePassword : "trustpass"
-        devMode : false
-        rpcUsers=[
+        h2port = 11000
+        emailAddress = "you@example.com"
+        myLegalName = "O=Bank of Breakfast Tea, L=London, C=GB"
+        keyStorePassword = "cordacadevpass"
+        trustStorePassword = "trustpass"
+        devMode = false
+        rpcUsers = [
             {
                 user=corda
                 password=portal_password
@@ -225,6 +223,7 @@ at boot, and means the Corda service stays running with no users connected to th
                 ]
             }
         ]
+        custom { jvmArgs = [ '-Xmx2048m', '-XX:+UseG1GC' ] }
 
 4. Make the following changes to ``C:\Corda\node.conf``:
 

docs/source/node-administration.rst

@@ -1,6 +1,76 @@
 Node administration
 ===================
 
+CRL configuration
+-----------------
+The Corda Network provides an endpoint serving an empty certificate revocation list for the TLS-level certificates.
+This is intended for deployments that do not provide a CRL infrastructure but still require a strict CRL mode checking.
+In such a case use the following URL in `tlsCertCrlDistPoint` option configuration:
+
+    .. sourcecode:: kotlin
+
+        "https://crl.cordaconnect.org/cordatls.crl"
+
+Together with the above configuration `tlsCertCrlIssuer` option needs to be set to the following value:
+
+    .. sourcecode:: kotlin
+
+        "C=US, L=New York, O=R3 HoldCo LLC, OU=Corda, CN=Corda Root CA"
+
+This set-up ensures that the TLS-level certificates are embedded with the CRL distribution point referencing the CRL issued by R3.
+In cases where a proprietary CRL infrastructure is provided those values need to be changed accordingly.
+
+.. _hiding-sensitive-data:
+
+Hiding sensitive data
+---------------------
+A frequent requirement is that configuration files must not expose passwords to unauthorised readers. By leveraging environment variables, it is possible to hide passwords and other similar fields.
+
+Take a simple node config that wishes to protect the node cryptographic stores:
+
+.. parsed-literal::
+
+    myLegalName : "O=PasswordProtectedNode,OU=corda,L=London,C=GB"
+    keyStorePassword : ${KEY_PASS}
+    trustStorePassword : ${TRUST_PASS}
+    p2pAddress : "localhost:12345"
+    devMode : false
+     networkServices {
+        doormanURL = "https://cz.example.com"
+        networkMapURL = "https://cz.example.com"
+    }
+
+By delegating to a password store, and using `command substitution` it is possible to ensure that sensitive passwords never appear in plain text.
+The below examples are of loading Corda with the KEY_PASS and TRUST_PASS variables read from a program named ``corporatePasswordStore``.
+
+
+Bash
+~~~~
+
+.. sourcecode:: shell
+
+    KEY_PASS=$(corporatePasswordStore --cordaKeyStorePassword) TRUST_PASS=$(corporatePasswordStore --cordaTrustStorePassword) java -jar corda.jar
+
+.. warning:: If this approach is taken, the passwords will appear in the shell history.
+
+
+Windows PowerShell
+~~~~~~~~~~~~~~~~~~
+
+.. sourcecode:: shell
+
+    $env:KEY_PASS=$(corporatePasswordStore --cordaKeyStorePassword); $env:TRUST_PASS=$(corporatePasswordStore --cordaTrustStorePassword); java -jar corda.jar
+
+
+For launching on Windows without PowerShell, it is not possible to perform command substitution, and so the variables must be specified manually, for example:
+
+.. sourcecode:: shell
+
+    SET KEY_PASS=mypassword & SET TRUST_PASS=mypassword & java -jar corda.jar
+
+.. warning:: If this approach is taken, the passwords will appear in the windows command prompt history.
+
+
 Logging
 -------
 

docs/source/node-naming.rst

@@ -1,3 +1,5 @@
+.. _node-naming:
+
 Node naming
 ===========
 A node's name must be a valid X.500 distinguished name. In order to be compatible with other implementations

docs/source/node-structure.rst

@@ -1,7 +1,5 @@
 Node folder structure
-==============
-
-.. contents::
+=====================
 
 A folder with Corda node files has the following structure: